Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-14249

Request a Quote Form Plugin <= 2.5.5 - Unauthenticated Code Injection via 'path' Parameter_CVE-2026-14249

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emd_delete_file AJAX actio...

emarket-design Request a Quote – Quote Forms for Any WordPress Site CVE
MEDIUM 6.4 CVE-2026-13704

GiveWP <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting via Sequoia Form_CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoia[introducti...

stellarwp GiveWP – Donation Plugin and Fundraising Platform CVE
MEDIUM 4.9 CVE-2026-13357

Houzez Property Feed <= 2.5.46 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter_CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5....

propertyhive Houzez Property Feed CVE
MEDIUM 4.3 CVE-2026-11600

Envo’s Templates & Widgets for Elementor and WooCommerce <= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure via Envo Tabs Widget 'templates' Setting_CVE-2026-11600

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing aut...

envothemes Envo's Templates & Widgets for Elementor and WooCommerce CVE
MEDIUM 4.3 CVE-2026-11592

Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action_CVE-2026-11592

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to a...

icegram Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress CVE
MEDIUM 6.4 CVE-2026-10089

Insert Pages <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Keys (Meta Key Names)_CVE-2026-10089

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys (meta key names) in all versions up t...

figureone Insert Pages CVE
HIGH 7.5 CVE-2026-33592

FindServers Memory Exhaustion in open62541_CVE-2026-33592

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServer...

open62541 project / o6 Automation GmbH open62541 1.4.0 CVE
CRITICAL 9.8 5FAFE7AF-9ADD-

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Hiyouga Llama-Factory_5FAFE7AF-9ADD-5A87-8223-328B9E22885E

CVE-2026-58116 — LLaMA-Factory WebUI RCE via trust_remote_code. Proof of concept for CVE-2026-58116, CVSS 9.8 Critical: remote code execution in LLaMA-...

N/A N/A GITHUBEXPLOIT
NONE 9B329910-D362-

CVE2PoC_9B329910-D362-5657-8E8B-33CA109ECCD7

CVE2PoC A prototype for generating real npm vulnerability PoCs based on LLMs and Docker differential verification. Core objectives: Vulnerability i...

N/A N/A GITHUBEXPLOIT
NONE 12388B01-153A-

jchain-static_12388B01-153A-54F4-AD26-248E6451D6DE

jChain-Static Vulnerability Chain Playbook Generator for Penetration Testing jChain-Static is a static database of known vulnerability exploitation...

N/A N/A GITHUBEXPLOIT